Cybersecurity at work (Cybersecurity Awareness Month: Week 1)
4 October 2021
October is Cybersecurity Awareness Month, and as usual we’re helping our member councils spread awareness of common cybercrime topics within local government.
How you can help protect your organisation
Local government faces many challenges. In recent years we’ve seen cybercrime become more prevalent, and the pandemic has only exacerbated the problem.
Cybersecurity covers a wide scope, from high-level robust IT infrastructure to simpler measures relevant to all members of staff, like password security. Councils can suffer any type of cyberattack including whaling, ransomware, denial of service, phishing, hacking and so on. IBM’s 2020 report placed the average cost of a cyberattack at £2.87 million. And it typically takes over 200 days to even detect a breach.
According to recent data from security company Thycotic, many employees aren’t prepared or educated in the risks. 45% see their organisation being at little or no risk of cybercrime, while 51% said that IT should be solely responsible for protecting their workplace from attacks.
But the National Cyber Security Centre (NCSC) reminds us how important people are when it comes to cybersecurity. In a keynote speech, their People-Centred Security Lead explains that for security to work, it needs to work for people. Employees can be the “strongest link” when it comes to cybercrime.
Attacks on local authorities
Hackney London Borough Council was hit by a ransomware attack in 2020 that one councillor estimated might have cost up to £10m. It took the authority four months to restore their IT systems, and six months later some council services were still being affected.
Elsewhere in the UK and abroad similar stories have been reported. Hull City Council’s audit committee heard that the authority suffered 10 cybersecurity incidents in 2020, not including the “thousands of malicious emails received every week”. None of these incidents were critical, but figures are significantly higher than the number of attacks experienced pre-pandemic.
Reusing passwords is a common risk, with a survey by Google finding that 52% of people reuse passwords for multiple accounts. Where people reuse the same password for personal accounts and work accounts, this presents a significant risk to the authority.
Raising awareness during October
This month is Cybersecurity Awareness Month, and we’re taking the opportunity to spread the message on remaining cyber secure.
Week 2 is about creating a secure password, while week 3 covers suspicious emails. In the final week of Cybersecurity Awareness Month, we look at falsified documents you might receive electronically and ask if you can spot the errors in a fake invoice.
To find out more about cybersecurity, contact your IT team or visit the NCSC’s website.
What's happening in Cybersecurity Awareness Month?
View our poster to find out what topics are coming up this month
